<?php

// +---------------------------------------------+
// |     Copyright  2010 - 2018 InterPhoto       |
// |     http://www.weentech.com                 |
// |     This file may not be redistributed.     |
// +---------------------------------------------+

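if(!defined('INTERPHOTO')) die('File not found!');


// #######################################################
//
// Session bootstrap. One of three paths runs per request:
//   1. a login attempt (loginusername + loginpassword both present),
//   2. a logout request (logout == 1),
//   3. the default: resolve the visitor from the COOKIE_NAME cookie.
//
// Reads:  the incoming login/logout values, the COOKIE_NAME cookie,
//         $langs, $sys_langs and $DB.
// Writes: $userinfo (the joined users/usergroups row for a valid session,
//         GetUserInfo(0) when there is no cookie), and on a login attempt
//         $errortitle / $errors / $islogined.

$userid = 0;
$userinfo = array();
define('COOKIE_NAME', 'InterPhotoF'.COOKIE_KEY);

$loginusername = ForceIncomingString('loginusername');
$loginpassword = ForceIncomingString('loginpassword');

if(strlen($loginusername) AND strlen($loginpassword))
{
	// Login attempt: the credentials are syntax-checked before they reach
	// LoginUser(), which does the database lookup.
	if(!isName($loginusername) OR !isPass($loginpassword)){
		$errortitle = $langs['login'].$sys_langs['error'];
		// $errors is a list in the "no user" branch below; keep the same
		// shape here so the caller can treat every failure uniformly.
		$errors = array($sys_langs['badnameorpass']);
		$islogined = false;
	}else{
		$userid = LoginUser($loginusername, $loginpassword);
		if(!$userid)
		{
			$errors[] = $sys_langs['nouser'];
			$errors[] = $sys_langs['notallowlogin'];
			$errortitle = $langs['login'].$sys_langs['error'];
			$islogined = false;
		}else	{
			// A new session row and cookie are issued on every successful
			// login; the previous cookie value is never reused.
			CreateSession($userid);
			$islogined = true;
		}
	}

} else if (ForceIncomingInt('logout') == 1) {

	// Logout: the session row is removed only when the cookie value passes
	// IsPass() (which is also what keeps it safe to interpolate below); the
	// cookie itself is cleared either way.
	// NOTE(review): the logout flag is taken from whatever request source
	// ForceIncomingInt() reads — confirm whether a CSRF token is expected here.
	$sessionid = ForceIncomingCookie(COOKIE_NAME);

	if($sessionid AND IsPass($sessionid)){
		   $DB->query("DELETE FROM " . TABLE_PREFIX . "sessions WHERE sessionid = '$sessionid' ");
	}

	setcookie(COOKIE_NAME, "", 0, "/");

} else {

	$sessionid = ForceIncomingCookie(COOKIE_NAME);

	if($sessionid AND IsPass($sessionid)){
		// The session must match the cookie value *and* the requesting IP,
		// be a non-admin, location-0 session, and belong to an activated
		// user whose group allows login.
		// NOTE(review): no lastactivity/expiry condition is applied here —
		// confirm that session expiry is enforced elsewhere.
		$sql = "SELECT u.*, ug.* FROM " . TABLE_PREFIX . "sessions s
					LEFT JOIN " . TABLE_PREFIX . "users u ON u.userid = s.userid
					LEFT JOIN " . TABLE_PREFIX . "usergroups ug ON ug.groupid = u.groupid
					WHERE s.sessionid    = '$sessionid'
					AND   s.ipaddress = '" . GetIP() . "'
					AND   s.location = 0
					AND   s.admin = 0
					AND   u.activated = 1
					AND   ug.allowlogin = 1";

		$userinfo = $DB->query_first($sql);

		// Stale or forged cookie: drop it and send the visitor to the login
		// page rather than continuing with an empty $userinfo.
		if(!$userinfo OR !$userinfo['userid']){
			unset($userinfo);
			setcookie(COOKIE_NAME, "", 0, "/");
			header("Location: ".GetUrl('login.php'));
			exit();
		}
	}else{
		// No cookie at all: treat the visitor as a guest.
		$userinfo = GetUserInfo(0);
	}
}

// The credentials and cookie value are not needed past this point.
unset($userid, $loginusername, $loginpassword, $sessionid);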

// ####################################################################

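/**
 * Look up an activated user whose group allows login by username/password.
 *
 * @param string $loginusername  username as received from the request
 * @param string $loginpassword  plaintext password as received from the request
 * @return mixed  the matching userid, or 0 when no user matches
 */
function LoginUser($loginusername, $loginpassword)
{
	global $DB;

	// NOTE(review): passwords are compared as unsalted MD5 digests because
	// that is what the users table stores. Moving to password_hash() /
	// password_verify() needs a column and data migration, so the digest is
	// kept here for compatibility.
	$loginpassword = md5($loginpassword);

	// The caller syntax-checks the username with isName(); escape it here as
	// well (same addslashes() convention CreateSession() uses for the user
	// agent) so this query does not depend on that check. The MD5 digest is
	// hex-only and needs no escaping.
	$loginusername = addslashes($loginusername);

	$user = $DB->query_first("SELECT u.userid FROM " . TABLE_PREFIX . "users u LEFT JOIN  " . TABLE_PREFIX . "usergroups ug ON (u.groupid = ug.groupid) WHERE u.username = '$loginusername' AND u.password = '$loginpassword' AND u.activated = 1 AND ug.allowlogin = 1");

	// isset($user) is true for any non-null value, including false, so the
	// previous Iif() could index a non-array on a miss. Test the offset
	// itself: false for a missing row, a missing key, or a null userid.
	return isset($user['userid']) ? $user['userid'] : 0;
}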


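/**
 * Create (or replace) the login session for $userid and hand the session id
 * to the client as the COOKIE_NAME cookie.
 *
 * Writes one row to the sessions table (location 0, loggedin 1, admin 0),
 * bumps users.lastactivity, and sets a session-scoped cookie on path "/".
 *
 * @param mixed $userid  id of the user who just authenticated
 * @return void
 */
function CreateSession($userid)
{
	global $DB;

	$userip = GetIP();

	// HTTP_USER_AGENT is absent when the client sends no User-Agent header;
	// fall back to '' instead of raising a notice.
	$rawagent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
	// Truncate the raw value before escaping so the cut can never land
	// between a backslash and the character it escapes (that would break
	// the SQL literal). Escaping can only grow the string, so shrink the raw
	// value until the escaped form fits the original 252-byte bound.
	$rawagent = substr($rawagent, 0, 252);
	$useragent = addslashes($rawagent);
	while(strlen($useragent) > 252){
		$rawagent = substr($rawagent, 0, -1);
		$useragent = addslashes($rawagent);
	}

	$timenow = time();

	// Session id: 32 hex characters, the same shape as the previous md5()
	// value, but drawn from the CSPRNG when random_bytes() is available
	// (PHP >= 7.0) so the id cannot be derived from the clock and the user
	// id. The md5(uniqid()) form remains only as a fallback for older
	// runtimes, with more_entropy enabled.
	if(function_exists('random_bytes')){
		$sessionid = bin2hex(random_bytes(16));
	}else{
		$sessionid = md5(uniqid($userid . COOKIE_KEY, true));
	}

	$session = array('sessionid'    => $sessionid,
				   'userid'       => $userid,
				   'ipaddress'    => $userip,
				   'useragent'    => $useragent,
				   'lastactivity' => $timenow);

	$DB->query("REPLACE INTO " . TABLE_PREFIX . "sessions (sessionid, userid, ipaddress, useragent, lastactivity, location, loggedin, admin)
			  VALUES ('" . $session['sessionid'] . "', '" . $session['userid'] . "', '" . $session['ipaddress'] . "', '" . $session['useragent'] . "', '" . $session['lastactivity'] . "', 0,  1, 0) ");
	$DB->query("UPDATE " . TABLE_PREFIX . "users SET lastactivity = " . $timenow . "  WHERE userid    = '$userid' ");

	// Expiry 0 = session cookie, path "/" as before; httponly keeps the
	// session id out of reach of script access on the client.
	setcookie(COOKIE_NAME, $session['sessionid'], 0, "/", "", false, true);
}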


?>